[lxc-devel] [lxc/lxc] b4f7af: Modify lxc-fedora and lxc-centos for multiple issu...

GitHub noreply at github.com
Tue Jan 14 22:01:51 UTC 2014 

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: b4f7af7a520b23c873e404562ec518a576e63d4c
      https://github.com/lxc/lxc/commit/b4f7af7a520b23c873e404562ec518a576e63d4c
  Author: Michael H. Warfield <mhw at WittsEnd.com>
  Date:   2014-01-14 (Tue, 14 Jan 2014)

  Changed paths:
    M templates/lxc-centos.in
    M templates/lxc-fedora.in

  Log Message:
  -----------
  Modify lxc-fedora and lxc-centos for multiple issues...

This is a reissue of two previous patches along with some additional
changes for hardening the root password process based on discussions
on-list.

--
This patch modifies the lxc-fedora and lxc-centos templates for 3 things.

1) Extensively modifies root password generation, storage, and management
    based on discussions on the devel list.

  Root passwords are hardened and have advanced configurability.
    A static password may be provided.
    A password based on a template may be generated, including ${RANDOM}.
    A password may be generated through mktmp using a template with X's.
    Root passwords default to expired, initially.
    Passwords may optionally be echoed to stdout at container creation. (no)
    Passwords may optionally be stored in ${rootfs_path}/tmp_root_pass. (yes)
    Users may be optionally forced to change the password at creation time. (no)
    Default is to generate a pattern based password and store, no force change.
    All of this may be overridden by environment variables through
      conditional assignment.

2) Random static hardware addresses are generated for all configured
    interfaces.

3) Add code to create sysv init style scripts to intercept shutdown and
    reboot to prevent init restart and hang for CentOS and legacy Fedora
    systems on shutdown, reboot, init 0, and init 6.  This solves a variety
    of hang conditions but only affects newly created containers.  Does
    not have any impact on systemd based containers.

Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>

More information about the lxc-devel mailing list